I am proud to say that I have been working with the Hyperledger Fabric project nearly since it’s inception almost two years ago. While frustrating at times in the beginning (as is the case with most open-source, popular, and pre-alpha software), I have grown to enjoy working with the Fabric. It has improved my skills in a variety of areas such as golang, docker, encryption, pkcs11, continuous integration, and many more. Since the Fabric recently went 1.0, this blog post will focus on how to bootstrap the fabric without the aid of cryptogen tool.

Choosing a secure file syncing application has never been easier. After evaluating a variety of options such Dropbox, OwnCloud, and Seafile for over 5 years, the journey is finally over. I have found the best option - Syncthing. Let me explain why you should consider it.

It’s very tempting to use the most popular Linux distributions as a base for docker containers. In fact, most of the time, that is actually a good idea. However, when trying to build the most secure container possible, at the lowest possible size, these base images become bloat. Why include libraries and other binaries in your docker container if your application does not need them?

While going through the manual of openssl, I thought it would be a good exercise to understand the signature verification process for educational purposes. As a fruit to my labor, I would also develop a simple script to automate the process.

Ansible has many powerful modules. One of which is called uri which is capable of sending any kind of HTTP request. Using this module, it is fairly simple to allow ansible to intelligently talk to a REST API. This will come in handy during for automation of the sensu monitoring docker infrastructure I am currently working on.

OpenSSL is quite and extensive project. The docs for the cli (openssl commands) gives you an overview on just how many things you can do with openssl. Knowing openssl is essential in the security field. I will use this post as a reference for frequent things I do with openssl and update it when needed.

Nginx is a great web server which offers very high performance with little resource consumption. This makes it ideal for docker containers, small embedded devices, or even just dealing with a ton of connections. I also often use Nginx’s powerful proxy capabilities. Nginx is one of those applications I use quite often, pretty much for anything related to http(s). Having said that, it becomes very important for me to be able to deploy this in a secure manner.

Let’s Encrypt is awesome! This service allows you to automate the retrieval of as many valid TLS certificates as you wish, as long as you can “prove” that you own the domain. One of the first proofs that they offered was the http-01 challenge. This proof works by essentially sending your domain a random HTTP GET request string which your lets-encrypt client must receive and send back.

Docker relies on storage engines to layer images. The default storage driver depends on who packaged docker for your OS. Fortunately, it’s not too difficult to change; However you may lose your images and containers so it’s best to decide on a driver when you begin.

MemSQL is a cool distributed In-Memory Database which offers high performance, sharded horizontal scale-out design, High Availability (with Enterprise edition), and the familiar SQL syntax. It also ships with a great looking GUI that displays most of information you need to know about your cluster.